b'                       U.S. Environmental Protection Agency \t                                                 11-P-0725\n                                                                                                      September 30, 2011\n                       Office of Inspector General\n\n\n                       At a Glance\n                                                                             Catalyst for Improving the Environment\n\n\nWhy We Did This Review            Region 9 Technical and Computer Room\nThe U.S. Environmental\n                                  Security Vulnerabilities Increase Risk to\nProtection Agency (EPA),          EPA\xe2\x80\x99s Network\nOffice of Inspector General\n(OIG), conducted this audit to\n                                   What We Found\nidentify technical\nvulnerabilities associated with\n                                  OIG technical vulnerability scans conducted at Region 9 headquarters revealed a\nthe Agency\xe2\x80\x99s network devices\n                                  multitude of high-risk and medium-risk vulnerabilities. These vulnerabilities were\nlocated in EPA\xe2\x80\x99s Region 9\n                                  identified on Region 9 servers, desktops, and printers. The exploitation of\nheadquarters building, and to\n                                  unidentified and unremediated vulnerabilities could greatly impact the network\nassess the security posture of\n                                  security posture of Region 9 headquarters and/or the entire EPA network by\nthe Region 9 computer room.\n                                  exposing Agency data, information, and configurations to unauthorized access.\nResults of this audit were\nprovided to the appropriate\n                                  The OIG physical and environmental control review of the Region 9 computer\nEPA officials who can then\n                                  room found that sufficient protections were not in place to safeguard critical\npromptly remediate and/or\n                                  information technology assets and associated data from the risk of damage and/or\ndocument their planned\n                                  loss.\nactions to resolve the\nidentified technical\n                                   What We Recommend\nvulnerabilities and computer\nroom security findings.\n                                  We recommend that the Senior Information Official, Region 9:\nBackground\n                                      \xe2\x80\xa2   Remediate high-risk and medium-risk technical vulnerabilities\nThis audit was conducted in           \xe2\x80\xa2   Remediate physical and environmental control deficiencies\nsupport of the annual audit of\nEPA\xe2\x80\x99s compliance with the         The full report is not available to the public due to the sensitive nature of its\nFederal Information Security      technical findings.\nManagement Act.\n\n\n\nFor further information,\ncontact our Office of\nCongressional and Public\nAffairs at (202) 566-2391.\n\x0c'